FD.io VPP  v19.01.3-6-g70449b9b9
Vector Packet Processing
tls.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 
17 #include <vnet/session/application_interface.h>
18 #include <vppinfra/lock.h>
19 
20 #ifndef SRC_VNET_TLS_TLS_H_
21 #define SRC_VNET_TLS_TLS_H_
22 
23 #define TLS_DEBUG 0
24 #define TLS_DEBUG_LEVEL_CLIENT 0
25 #define TLS_DEBUG_LEVEL_SERVER 0
26 
27 #define TLS_CHUNK_SIZE (1 << 14)
28 #define TLS_CA_CERT_PATH "/etc/ssl/certs/ca-certificates.crt"
29 
30 #if TLS_DEBUG
31 #define TLS_DBG(_lvl, _fmt, _args...) \
32  if (_lvl <= TLS_DEBUG) \
33  clib_warning (_fmt, ##_args)
34 #else
35 #define TLS_DBG(_lvl, _fmt, _args...)
36 #endif
37 
38 /* *INDENT-OFF* */
39 typedef CLIB_PACKED (struct tls_cxt_id_
40 {
41  u32 parent_app_index;
42  session_handle_t app_session_handle;
43  session_handle_t tls_session_handle;
44  u32 ssl_ctx;
45  u32 listener_ctx_index;
46  u8 tcp_is_ip4;
47  u8 tls_engine_id;
48 }) tls_ctx_id_t;
49 /* *INDENT-ON* */
50 
51 STATIC_ASSERT (sizeof (tls_ctx_id_t) <= 42, "ctx id must be less than 42");
52 
53 typedef struct tls_ctx_
54 {
55  union
56  {
57  transport_connection_t connection;
58  tls_ctx_id_t c_tls_ctx_id;
59  };
60 #define parent_app_index c_tls_ctx_id.parent_app_index
61 #define app_session_handle c_tls_ctx_id.app_session_handle
62 #define tls_session_handle c_tls_ctx_id.tls_session_handle
63 #define listener_ctx_index c_tls_ctx_id.listener_ctx_index
64 #define tcp_is_ip4 c_tls_ctx_id.tcp_is_ip4
65 #define tls_ctx_engine c_tls_ctx_id.tls_engine_id
66 #define tls_ssl_ctx c_tls_ctx_id.ssl_ctx
67 #define tls_ctx_handle c_c_index
68  /* Temporary storage for session open opaque. Overwritten once
69  * underlying tcp connection is established */
70 #define parent_app_api_context c_s_index
71 
72  u8 is_passive_close;
73  u8 resume;
74  u8 *srv_hostname;
75 } tls_ctx_t;
76 
77 typedef struct tls_main_
78 {
79  u32 app_index;
80  tls_ctx_t *listener_ctx_pool;
81  tls_ctx_t *half_open_ctx_pool;
82  clib_rwlock_t half_open_rwlock;
83  u8 **rx_bufs;
84  u8 **tx_bufs;
85 
86  /*
87  * Config
88  */
89  u8 use_test_cert_in_ca;
90  char *ca_cert_path;
91 } tls_main_t;
92 
93 typedef struct tls_engine_vft_
94 {
95  u32 (*ctx_alloc) (void);
96  void (*ctx_free) (tls_ctx_t * ctx);
97  tls_ctx_t *(*ctx_get) (u32 ctx_index);
98  tls_ctx_t *(*ctx_get_w_thread) (u32 ctx_index, u8 thread_index);
99  int (*ctx_init_client) (tls_ctx_t * ctx);
100  int (*ctx_init_server) (tls_ctx_t * ctx);
101  int (*ctx_read) (tls_ctx_t * ctx, stream_session_t * tls_session);
102  int (*ctx_write) (tls_ctx_t * ctx, stream_session_t * app_session);
103  u8 (*ctx_handshake_is_over) (tls_ctx_t * ctx);
104  int (*ctx_start_listen) (tls_ctx_t * ctx);
105  int (*ctx_stop_listen) (tls_ctx_t * ctx);
106 } tls_engine_vft_t;
107 
108 typedef enum tls_engine_type_
109 {
110  TLS_ENGINE_NONE,
111  TLS_ENGINE_MBEDTLS,
112  TLS_ENGINE_OPENSSL,
113  TLS_N_ENGINES
114 } tls_engine_type_t;
115 
116 tls_main_t *vnet_tls_get_main (void);
117 void tls_register_engine (const tls_engine_vft_t * vft,
118  tls_engine_type_t type);
119 int tls_add_vpp_q_rx_evt (stream_session_t * s);
120 int tls_add_vpp_q_tx_evt (stream_session_t * s);
121 int tls_add_vpp_q_builtin_tx_evt (stream_session_t * s);
122 int tls_add_vpp_q_builtin_rx_evt (stream_session_t * s);
123 int tls_notify_app_accept (tls_ctx_t * ctx);
124 int tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed);
125 void tls_notify_app_enqueue (tls_ctx_t * ctx, stream_session_t * app_session);
126 #endif /* SRC_VNET_TLS_TLS_H_ */
127 /*
128  * fd.io coding-style-patch-verification: ON
129  *
130  * Local Variables:
131  * eval: (c-set-style "gnu")
132  * End:
133  */
tls_engine_type_t
enum tls_engine_type_ tls_engine_type_t
transport_connection_t
struct _transport_connection transport_connection_t
tls_main_::half_open_rwlock
clib_rwlock_t half_open_rwlock
Definition: tls.h:82
tls_main_::ca_cert_path
char * ca_cert_path
Definition: tls.h:90
tls_main_t
struct tls_main_ tls_main_t
application_interface.h
tls_notify_app_accept
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:190
tls_engine_vft_t
struct tls_engine_vft_ tls_engine_vft_t
tls_main_::use_test_cert_in_ca
u8 use_test_cert_in_ca
Definition: tls.h:89
session_handle_t
u64 session_handle_t
Definition: session.h:111
clib_rw_lock_
Definition: lock.h:108
u8
unsigned char u8
Definition: types.h:56
listener_ctx_index
#define listener_ctx_index
Definition: tls.h:63
tls_notify_app_enqueue
void tls_notify_app_enqueue(tls_ctx_t *ctx, stream_session_t *app_session)
Definition: tls.c:181
tls_main_::app_index
u32 app_index
Definition: tls.h:79
tls_ctx_::is_passive_close
u8 is_passive_close
Definition: tls.h:72
parent_app_index
#define parent_app_index
Definition: tls.h:60
u32
unsigned int u32
Definition: types.h:88
stream_session_t
struct _stream_session_t stream_session_t
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
tls_main_
Definition: tls.h:77
tls_ctx_::c_tls_ctx_id
tls_ctx_id_t c_tls_ctx_id
Definition: tls.h:58
tls_add_vpp_q_tx_evt
int tls_add_vpp_q_tx_evt(stream_session_t *s)
Definition: tls.c:70
tls_ctx_
Definition: tls.h:53
tls_notify_app_connected
int tls_notify_app_connected(tls_ctx_t *ctx, u8 is_failed)
Definition: tls.c:232
tls_ctx_t
struct tls_ctx_ tls_ctx_t
tls_engine_vft_
Definition: tls.h:93
tls_main_::rx_bufs
u8 ** rx_bufs
Definition: tls.h:83
tls_add_vpp_q_builtin_rx_evt
int tls_add_vpp_q_builtin_rx_evt(stream_session_t *s)
Definition: tls.c:62
tls_register_engine
void tls_register_engine(const tls_engine_vft_t *vft, tls_engine_type_t type)
Definition: tls.c:748
tls_ctx_::connection
transport_connection_t connection
Definition: tls.h:57
app_session_handle
#define app_session_handle
Definition: tls.h:61
vnet_tls_get_main
tls_main_t * vnet_tls_get_main(void)
Definition: tls.c:826
tls_main_::half_open_ctx_pool
tls_ctx_t * half_open_ctx_pool
Definition: tls.h:81
tls_main_::tx_bufs
u8 ** tx_bufs
Definition: tls.h:84
tls_add_vpp_q_builtin_tx_evt
int tls_add_vpp_q_builtin_tx_evt(stream_session_t *s)
Definition: tls.c:78
CLIB_PACKED
typedef CLIB_PACKED(struct tls_cxt_id_ { u32 parent_app_index;session_handle_t app_session_handle;session_handle_t tls_session_handle;u32 ssl_ctx;u32 listener_ctx_index;u8 tcp_is_ip4;u8 tls_engine_id;}) tls_ctx_id_t
STATIC_ASSERT
STATIC_ASSERT(sizeof(tls_ctx_id_t)<=42, "ctx id must be less than 42")
tls_ctx_::srv_hostname
u8 * srv_hostname
Definition: tls.h:74
tls_add_vpp_q_rx_evt
int tls_add_vpp_q_rx_evt(stream_session_t *s)
Definition: tls.c:54
tls_ctx_::resume
u8 resume
Definition: tls.h:73
tcp_is_ip4
#define tcp_is_ip4
Definition: tls.h:64
tls_engine_type_
tls_engine_type_
Definition: tls.h:108
tls_session_handle
#define tls_session_handle
Definition: tls.h:62
tls_main_::listener_ctx_pool
tls_ctx_t * listener_ctx_pool
Definition: tls.h:80